N1QL readonly permissions

n1ql

#1

I was wondering if there is any way of ensuring that the N1QL REST API users can be configured as readonly?
In the documentation of N1QL over REST it says that there is a property that can ensure readonly behavior and that it can be overridden by an server-wide parameter:

readonly | Boolean | Optional. Always true for GET requests. By default, false for POST requests. If the server-wide readonly parameter is set to true, its setting supersedes the request readonly parameter.

  1. What is that server-wide parameter? How can it be modified? What will be the impact of changing it to be readonly?
  2. If it doesn’t work as i hope it will, what is the alternative? I would like to give readonly query permissions to support and sales co-workers without worrying about the consequences. Maybe a solution can be a one-way XDCR to another DC which will be exposed to them?

#2

Hi,

Thank you for your feedback!

With SASL buckets, the permission model in Couchbase is all-or-nothing. Role-based access control for application users is on our future product roadmap.

Thank you and regards,
Don Pinto
PM, Couchbase Server


#3

XDCR might be your best bet for now. You can start up a Query Service in read-only mode, but this requires manual configuration, which I would not recommend.